kazzkiq / CodeFlask

A micro code-editor for awesome web pages.
https://kazzkiq.github.io/CodeFlask/
MIT License
1.07k stars 120 forks

Do I need to worry about xss? #111

Closed Tobjoern closed 4 years ago

Tobjoern commented 4 years ago

Hey, I intend to use the code editor for a website where people can post their own code. CodeFlask will be used to display that code.

Do I need to worry about XSS when displaying their code? Thank you in advance!

kazzkiq commented 4 years ago

No. There is no worry in that because CodeFlask does not execute the code shown. It merely treats it as strings. Prism (which is the lib currently used for code highlight) also does not parse or eval the code AFAIK, so you're good to go.
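
An added example, not part of the thread and not CodeFlask's or Prism's own code: a toy display pipeline showing what "treating the code as a string" requires when the result ends up in HTML, namely escaping every token of the user's snippet before wrapping it in highlight markup. All function names and the sample snippet are constructed for illustration.

```javascript
// Added illustration; not CodeFlask or Prism source. All names are hypothetical.

// Escape the HTML metacharacters so the snippet stays inert text inside markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

const KEYWORDS = new Set(['const', 'let', 'function', 'return']);

// Toy highlighter: tokenise the RAW text, escape each token, and only then
// wrap keywords in markup. The only tags emitted come from this template.
function highlightForDisplay(untrustedCode) {
  // Split into identifier-like words and everything in between, keeping both.
  const tokens = String(untrustedCode).split(/([A-Za-z_$][\w$]*)/);
  return tokens
    .map((tok) => {
      const safe = escapeHtml(tok);
      return KEYWORDS.has(tok) ? `<span class="token keyword">${safe}</span>` : safe;
    })
    .join('');
}

function renderSnippet(untrustedCode) {
  return `<pre><code>${highlightForDisplay(untrustedCode)}</code></pre>`;
}

// Self-check for tests or CI: every tag in the output must be one we emitted.
function containsOnlyOurTags(html) {
  const allowed = new Set([
    '<pre>', '</pre>', '<code>', '</code>',
    '<span class="token keyword">', '</span>',
  ]);
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.every((tag) => allowed.has(tag));
}

// Constructed sample of a user-submitted snippet that contains markup.
const SAMPLE = 'const x = "</code><script>alert(1)</script>"; // <img src=x onerror=alert(1)>';
```

The same check fails for `'<pre><code>' + SAMPLE + '</code></pre>'`, which is what a page produces if it interpolates the stored snippet into HTML itself before the editor ever sees it.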